<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>For LDAP: GNOME Data Access 5 manual</title>
<meta name="generator" content="DocBook XSL Stylesheets V1.79.1">
<link rel="home" href="index.html" title="GNOME Data Access 5 manual">
<link rel="up" href="provider-notes.html" title="Provider's notes">
<link rel="prev" href="provider_notes_sqlcipher.html" title="For SQLCipher">
<link rel="next" href="provider_notes_jdbc.html" title="For JDBC">
<meta name="generator" content="GTK-Doc V1.32 (XML mode)">
<link rel="stylesheet" href="style.css" type="text/css">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
<table class="navigation" id="top" width="100%" summary="Navigation header" cellpadding="2" cellspacing="5"><tr valign="middle">
<td width="100%" align="left" class="shortcuts"></td>
<td><a accesskey="h" href="index.html"><img src="home.png" width="16" height="16" border="0" alt="Home"></a></td>
<td><a accesskey="u" href="provider-notes.html"><img src="up.png" width="16" height="16" border="0" alt="Up"></a></td>
<td><a accesskey="p" href="provider_notes_sqlcipher.html"><img src="left.png" width="16" height="16" border="0" alt="Prev"></a></td>
<td><a accesskey="n" href="provider_notes_jdbc.html"><img src="right.png" width="16" height="16" border="0" alt="Next"></a></td>
</tr></table>
<div class="sect1">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="provider_notes_ldap"></a>For LDAP</h2></div></div></div>
<div class="sect2">
<div class="titlepage"><div><div><h3 class="title">
<a name="id-1.2.11.7.2"></a>Authentication</h3></div></div></div>
<p>
      For the LDAP authentification, one can provide the user name as a valid Distinguished Name (DN), or one
      can provide a user name which correponds to an entry in the LDAP tree; however the LDAP server usually
      requires a DN to authenticate. Providing a DN is usually
      inconvenient and people prefer to remember their user name rather than the associated DN. For this
      reason, if a user name is not provided, the LDAP provider tries the following:
      </p>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
<li class="listitem"><p>do an anonymous bind</p></li>
<li class="listitem"><p>search a DN from the specified user name</p></li>
<li class="listitem"><p>fetch the DN is it exists and is the only result</p></li>
<li class="listitem"><p>close the anonymous connection</p></li>
<li class="listitem"><p>bind using the found DN</p></li>
</ul></div>
<p>
    </p>
<p>
      However for an Active Directory server, this may fail if the server does not allow anonymous binding or
      searches, and one can use one of the following username syntaxes instead:
      </p>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
<li class="listitem"><p>username@DOMAIN</p></li>
<li class="listitem"><p>DOMAIN\username</p></li>
</ul></div>
<p>
    </p>
</div>
<div class="sect2">
<div class="titlepage"><div><div><h3 class="title">
<a name="id-1.2.11.7.3"></a>Mapping to GdaDataModel</h3></div></div></div>
<p>
      The LDAP provider maps LDAP searches to <span class="application">Libgda</span>'s data models, with the following design choices:
      </p>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
<li class="listitem"><p>A data model column is created for each attibute the LDAP search returns, plus one
	column for the DN (Distinguished name), as the 1st column of each search;
	so if no attribute is requested, the resulting data model
	will only contain one column for the DN</p></li>
<li class="listitem"><p>If not otherwise specified, the data type of each data model column is determined
	by the data type of the corresponding column attribute</p></li>
<li class="listitem"><p>Multi valued attributes are by default handled as an invalid data, but it is possible to
	specify instead to report a NULL value, or an array in a CSV notation.</p></li>
<li class="listitem"><p>For performances reasons, some data is cached (unless the "USE_CACHE" connection
	variable is set to FALSE). Cache files are in the users's home directory, as per the
	<a class="ulink" href="http://www.freedesktop.org/wiki/Specifications/basedir-spec" target="_top">XDG Base Directory Specification</a></p></li>
</ul></div>
<p>
    </p>
<p>
      For more information, see the <a class="link" href="GdaDataModelLdap.html" title="GdaDataModelLdap">GdaDataModelLdap</a> and
      the <a class="link" href="GdaLdapConnection.html" title="GdaLdapConnection">GdaLdapConnection</a> objects.
    </p>
</div>
</div>
<div class="footer">
<hr>Generated by GTK-Doc V1.32</div>
</body>
</html>